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DETAILED ACTION 

Claims 1-24 are presented for examination. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-4 and 6-24 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Sheymov, (U.S. Publication No. 2002/0116635 and Sheymov hereinafter). 

Regarding claim 1, Sheymov discloses a method for identifying infected program 
instructions, comprising the steps of: 

inserting a dynamic execution layer interface (DELI) between computing device 
hardware and the program instructions (i.e., Dynamic Decoy Machine and the Code 
Inspection Management Module)(Page 1, Par 0012 and Page 3, Par. 0037); 

monitoring the program instructions as they enter the DELI to determine if the 
code has been previously processed by the computing device hardware, and when it is 
the case that the application code has not been previously processed (Page 5, 0049- 
0050); and 
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analyzing the program instructions to determine if program instructions are 
infected (i.e., detecting potential malicious code prior to passing code to the protected 
system)(Page 5, Par. 0049-0060). 

Regarding claims 9, 15, and 21 , Sheymov discloses a system for detecting 
infected program instructions in active software applications, comprising: 

means for intercepting program instructions, means for determining when the 
intercepted program instructions have not been processed by the computing~device 
(Pages 5, Par. 0049-0050); and 

means for analyzing the intercepted program instructions that have not been 
processed by the computing device prior to forwarding the intercepted program 
instructions to computer hardware (i.e., detecting potential malicious code prior to 
passing code to the protected system)(Page 5, Par. 0049-0060). 

Regarding claims 19 and 12-14, Sheymov discloses a computer system, 
comprising: 

a processor, an execution memory (i.e., the protected system)(Page 3, Par. 
0035-0037); 

a dynamic execution layer interface (DELI)(i.e., Dynamic Decoy Machine and the 
Code Inspection Management Module)(Page 1, Par 001 2 and Page 3, Par. 0037) 
residing between at least one application and the processor, wherein the DELI 
comprises: a core configured to cache and execute certain application code fragments, 
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an application programming interface configured to provide access to caching and 
executing functions of the core to a virus detection manager (i.e., initializing the 
dynamic decoy machine and updating it if necessary), and a system control and 
configuration layer configured to provide policies for operation of the core (i.e., actuator 
module)(Page 5, Par. 0049-0060). 

Regarding claim 2, Sheymov discloses wherein the step of analyzing the 
program instructions comprises an investigation of the contents of instructions within 
code fragments (Page 5, Par. 0050-0054). 

Regarding claim 3, Sheymov discloses wherein the step of analyzing the 
program instructions comprises inserting decrypted program instructions into a virus 
detection manager (Page 3, Par. 0032-0034). 

Regarding claims 4, 18, 22, and 24, Sheymov discloses further comprising the 
step of: 

releasing program instructions from the virus detection manager when infected 
program instructions are not detected (Page 5, Par. 0055-0056). 

Regarding claim 6, Sheymov discloses wherein the step of analyzing the 
program instructions comprises monitoring the behavior of the contents of the code 
fragments in a virtual computing device (Page 3, Par. 0036-0037). 
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Regarding claims 7 and 20, Sheymov discloses wherein the step of analyzing the 
program instructions comprises applying a plurality of tests on the contents of the code 
fragments in a virtual computing device (Page 3, Par. 0036-0037). 

Regarding claim 8, Sheymov discloses further comprising the step of: 
processing the released program instructions in computer hardware (Page 5, 
Par. 0055-0056). 

Regarding claims 10-11 and 16-17, Sheymov discloses further comprising: 
means for gaining control over execution of program instructions (Page 5, Par. 
0049-0056). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sheymov, 
(U.S. Publication No. 2002/01 16635 and Sheymov hereinafter), in view of Hypponen et 
al., (U.S. Patent No. 6,577,920 and Hypponen hereinafter). 
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Regarding claim 5, Sheymov does not expressly disclose wherein the step of 
analyzing the program instructions comprises performing a signature comparison with 
the contents of the code fragments. 

However, Hypponen discloses wherein the step of analyzing the program 
instructions comprises performing a signature comparison with the contents of the 
code fragments (Col. 4, lines 36-67 and Col. 5, lines 1-67). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Sheymov with theleachings 
of Hypponen because it would allow to include the step of analyzing the program 
instructions comprises performing a signature comparison with the contents of the 
code fragments with the motivation to scan data being written to or read from a 
computer's hard disk drive for the presence of macros having a checksum 
corresponding to one of the identified viruses (Hypponen, Col. 2, lines 1-5). 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Nachenberg, (U.S. Patent No. 5,964,889), 
Nachenberg, (U.S. Patent No. 5,826,013), 
Schnurer et al. (U.S. Patent No. 5,842,002), 
Arnold et al., (U.S. Patent No. 5,440,723), 
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Rogers et al., (U.S. Publication No. 2002/0083334), and 
Natvig, (U.S. Publication No. 2003/0135791). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Arezoo Sherkat whose telephone number is (571 ) 272- 
3796. The examiner can normally be reached on 8:00-4:30 Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571 ) 272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 





Arezoo Sherkat 
Patent Examiner 
Group 2131 
Dec. 27, 2004 



